Nmap Network Scanning

SSL

Ncat can encrypt its traffic using SSL. In connect mode, simply add the
--ssl
option. --ssl works with TCP (the default) and
SCTP
(--sctp
option). Here is the syntax for connecting to
an HTTPS server:

ncat -C --ssl <server> 443

Sometimes an SSL server will require a client certificate for
authentication. When this is the case, use the
--ssl-cert
and
--ssl-key
options to give the locations of PEM-encoded files containing the
certificate and private key, respectively. The certificate and key may
be in the same file.

By default the client will not do any server certificate verification, so it
will not be detected if the server has the wrong certificate or no
certificate at all. Use the --ssl-verify option to
require verification of the certificate and matching of the domain
name.

ncat -C --ssl-verify <server> 443

Verification is done using the
ca-bundle.crt
certificate bundle shipped with Ncat, plus whatever trusted
certificates the operating system may provide. If you want to verify a
connection to a server whose certificate isn't signed by one of the
default certification authorities, use the
--ssl-trustfile to name a file containing
certificates you trust. The file must be in PEM format.

ncat -C --ssl-verify --ssl-trustfile <custom-certs.pem><server> 443

Verification should be done whenever it is feasible. Even with
encryption, an unverified connection is vulnerable to a
man-in-the-middle attack. Ncat does not do certificate
revocation
checking.

Ncat can act as an SSL server as well. The server must provide a
certificate that clients can verify if they choose. If you start an
SSL server without using the --ssl-cert and
--ssl-key options, Ncat will automatically generate a
certificate and 1,024-bit RSA key. The certificate will of course not
be trusted by any application doing certificate verification. In
verbose mode, the key's fingerprint will be printed so you can do
manual verification if desired.
Example 2
shows sample output.

Using an existing certificate and key is recommended whenever possible
because it allows for robust server authentication. Use the
--ssl-cert and --ssl-key options to
pass in PEM-encoded files.
For testing purposes you can generate a self-signed certificate and
private key. If you have OpenSSL
installed, use this command:

openssl req -new -x509 -keyout test-key.pem -out test-cert.pem.

For purposes of certificate verification, the
commonName
in the certificate should match the fully qualified domain
name
of the host that will run the server. After generating the files,
start the server:

ncat --listen --ssl --ssl-cert test-cert.pem --ssl-key test-key.pem.

To make a verified client connection, copy the
test-cert.pem file somewhere where the client can
access it, then run